CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3112: CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends...

6.5 CVSS

Description

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.

Classification

CVE ID: CVE-2025-3112

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-400 Uncontrolled Resource Consumption

Affected Products

Vendor: Schneider Electric

Product: Modicon Controllers M241/M251

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 13.02% (scored less or equal to compared to others)

EPSS Date: 2025-06-17 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3112
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf

Timeline

2025-06-10 22:40:13 UTC
CVE

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends...